Enabling users to connect to external NFS storage volumes

Complete these steps to enable external volume access in Cloud Pak for Data System 2.0.1.

About this task

To enable users to connect to remote SMB storage volumes from IBM® Cloud Pak for Data a cluster administrator must install the SMB CSI Driver for Kubernetes to enable the cluster to communicate with your remote SMB volumes. Then the administrator must create a cluster role and cluster role binding to grant the meta-api the appropriate permissions to provision persistent volumes.

Procedure

  1. Log on to Red Hat OpenShift Container Platform as a user with sufficient permissions to complete this task. You must be a cluster administrator.
    oc login OpenShift_URL:port
  2. Install csi-smb-driver.

    The SMB CSI Driver for Kubernetes is provided by the Kubernetes CSI organization, which provides Kubernetes specific Container-Storage-Interface (CSI) components.

  3. Create the required cluster role and cluster role binding for the meta-api:
    cat <<EOF | oc apply -f -
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      # "namespace" omitted. ClusterRoles are not scoped to a namespace.
      name: ibm-zen-volumes-cluster-role
    rules:
    - apiGroups: [""]
      #
      # at the HTTP level, the name of the resource for accessing Secret
      # objects is "secrets"
      resources: ["persistentvolumes"]
      verbs: ["create", "get", "list", "patch", "update", "watch", "delete", "use"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: ibm-zen-volumes-cluster-role-binding
    subjects:
    - kind: ServiceAccount
      name: ibm-zen-operator-serviceaccount
      namespace: ibm-common-services    # The namespace where the IBM Cloud Pak foundational services are installed
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ibm-zen-volumes-cluster-role
    EOF